<?php
// Tim'Roster
// Copyright (c) 2011 Nicolas Nallet <aspgic2@gmail.com>
//
// This file is part of Tim'Roster.
//
// Tim'Roster is free software; you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation; either version 3 of the License, or
// (at your option) any later version.
//
// Tim'Roster is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program; if not, write to the Free Software Foundation,
// Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301  USA


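session_start();

// Application configuration. The roster root (relative to DOCUMENT_ROOT) is read
// from it and used to build every include path below, so a missing or malformed
// config.xml must stop the page here instead of producing includes of bogus paths
// (simplexml_load_file() returns false on failure, not an object).
$xml_config = simplexml_load_file('config.xml');
if ($xml_config === false) {
    header('HTTP/1.0 500 Internal Server Error');
    exit('Configuration file config.xml could not be loaded.');
}

// Authentication helpers (User::is_user_logged, User::get_user, ...).
include_once($_SERVER["DOCUMENT_ROOT"].$xml_config->roster_root_directory.'/technical_class/authentification/User.php');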


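// Access control. Every redirect is followed by exit: header() alone does not stop
// the script, so without it the includes, the password handler and the HTML below
// would still run and be sent to the client along with the Location header.
if (!User::is_user_logged()) {
    User::store_url_referer();
    header('Location: login.php');
    exit;
}

$user = User::get_user(User::get_current_user_id());

// A target user is required: the session user must resolve and ?id= must be a number.
if (!isset($user) || !isset($_GET['id']) || !is_numeric($_GET['id'])) {
    header('Location: unauthorized_access.php');
    exit;
}

// Only administrators may open another user's page; everyone else only their own.
// Loose comparison kept: ?id= is a string and get_id()'s return type is not visible here.
if (!User::is_user_authorize(User::ADMIN_GROUP_ID) && $user->get_id() != $_GET['id']) {
    header('Location: unauthorized_access.php');
    exit;
}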

// Rendering helpers (menu, page header/footer, admin panel) and the label table,
// all located under the roster root taken from config.xml. Order is preserved.
$roster_root = $_SERVER["DOCUMENT_ROOT"].$xml_config->roster_root_directory;
foreach (array('/render/render_menu.php',
               '/render/render_header_footer.php',
               '/render/render_admin_panel.php',
               '/technical_class/language/language.php') as $relative_path) {
    include_once($roster_root.$relative_path);
}
unset($relative_path, $roster_root);



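//*******************//
//  Change password  //
//*******************//
// Handles the form rendered below (it POSTs back to this URL, so ?id= is kept).
// Rules, mirroring the client-side validForm(): the new password must have a
// valid format and match its confirmation, non-administrators must also supply
// their current password, and an administrator only changes a password from
// their own page. The change always applies to the session user, never to ?id=.
// NOTE(review): the form carries no anti-CSRF token; a state-changing POST that
// relies on the session cookie alone should be bound to a per-session token.
if (isset($_POST['pass1']) && isset($_GET['id']) && isset($_SESSION['user_id'])) {
    $old_pass = isset($_POST['old_pass']) ? $_POST['old_pass'] : '';
    $new_pass = $_POST['pass1'];
    // The confirmation field is compared server-side too: the JavaScript check
    // runs in the browser and cannot be relied on.
    $new_pass_again = isset($_POST['pass2']) ? $_POST['pass2'] : null;
    $is_admin = User::is_user_authorize(User::ADMIN_GROUP_ID);

    if (User::check_password_format($new_pass)
            && $new_pass === $new_pass_again
            && (User::check_password_format($old_pass) || $is_admin)
            && ($_GET['id'] == $_SESSION['user_id'] || !$is_admin)
       ) {
        if (User::change_password($_SESSION['user_id'], $old_pass, $new_pass)) {
            $content = Language::get_instance()->get_label('lb_password_change_complete');
        }
        else {
            $content = Language::get_instance()->get_label('lb_password_change_failure');
        }
    }
}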

?>
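<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
        <script type="text/javascript" src="external_libraries/jquery-ui/js/jquery-1.4.4.min.js"></script>
        <script type="text/javascript" src="external_libraries/jquery-ui/js/jquery-ui-1.8.7.custom.min.js"></script>

        <script type="text/javascript" src="js/menudialog.js"></script>
        <script type="text/javascript" src="js/login_data_check.js"></script>
        <!-- the icon file is a PNG; "images/x-icon" was not a valid MIME type -->
        <link rel="shortcut icon" type="image/png" href="img/quest_jeton.png" />

        <style>
            @import url(css/base.css);
            @import url(external_libraries/jquery-ui/css/smoothness/jquery-ui-1.8.6.custom.css);
        </style>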
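        <script type="text/javascript">
            // Client-side pre-check of the change-password form; the server repeats
            // the checks. Labels are emitted with json_encode() so that a quote,
            // backslash or "</script>" inside a label cannot break out of the JS
            // string literal (the JSON_HEX_* flags escape HTML-significant characters).
            function validForm(){

                var error = 0;

                var pass1 = document.getElementById('pass1').value;
                var pass2 = document.getElementById('pass2').value;

                // both fields must be filled in
                if ((!pass1 || !pass2) && (error == 0)){
                    error = 1;
                    alert(<?php echo json_encode(Language::get_instance()->get_label('lb_password_must_be_set'), JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP); ?>);
                }

                // checkPasswordFormat() comes from js/login_data_check.js
                if ((!checkPasswordFormat(pass1) || !checkPasswordFormat(pass2)) && (error == 0)){
                    error = 1;
                    alert(<?php echo json_encode(Language::get_instance()->get_label('lb_password_format'), JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP); ?>);
                }

                if ((pass1 != pass2) && (error == 0)){
                    error = 1;
                    alert(<?php echo json_encode(Language::get_instance()->get_label('lb_passwords_do_not_match'), JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP); ?>);
                }

                // no error: submit the form (the server re-validates everything)
                if (error == 0){
                    document.change_password_form.submit();
                }
            }
        </script>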

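    </head>
    <body>
        <center>
            <?php
                // Shared page header followed by a line break ('</br>' is not a valid tag).
                echo render_page_header().'<br/>';
            ?>
            <table>
                <tr>
                    <td valign="top"><?php include('menu.php'); ?></td>
                    <td valign="top">
                        <fieldset>
                            <h1 class="title">
                                <?php
                                    // The user's name comes from storage, not from the label
                                    // file, so it is escaped for the HTML context.
                                    echo Language::get_instance()->get_label('lb_change_password').' '
                                        .Language::get_instance()->get_label('lb_user').' : '
                                        .htmlspecialchars(ucfirst($user->get_name()), ENT_QUOTES, 'UTF-8');
                                ?>
                            </h1>
                            <h3>
                                <?php
                                    // Outcome label set by the change-password handler at the top of this file.
                                    if (isset($content)){
                                        echo $content.'<br/>';
                                    }
                                ?>
                            </h3>
                            <form name="change_password_form" method="post" accept-charset="utf-8">
                                <?php
                                    // No action attribute: the form posts back to this URL, keeping ?id=.
                                    // NOTE(review): the form carries no anti-CSRF token; a state-changing
                                    // POST should be bound to a per-session token checked by the handler.
                                    // Administrators are not asked for their current password (see the handler).
                                    if (!User::is_user_authorize(User::ADMIN_GROUP_ID)){
                                        echo Language::get_instance()->get_label('lb_old_password').'<br/><input type="password" name="old_pass" id="old_pass" value=""/><br/>';
                                    }
                                ?>
                                <?php echo Language::get_instance()->get_label('lb_new_password') ?><br/><input type="password" name="pass1" id="pass1" value=""/><br/>
                                <?php echo Language::get_instance()->get_label('lb_new_password_again') ?><br/><input type="password" name="pass2" id="pass2" value=""/><br/>
                                <input type="button" value="<?php echo Language::get_instance()->get_label('lb_submit'); ?>" onclick="validForm();" />
                            </form>
                        </fieldset>
                    </td>
                </tr>
            </table>
            <?php
                echo render_page_footer();
            ?>
        </center>
    </body>
</html>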

